CVE-2022-45934

Published: Nov 27, 2022Modified: Apr 29, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.

Affected (14)

Products: Linux: Linux Kernel · Fedoraproject: Fedora · Netapp: H410c Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · +1 more

Show all products

Linux: Linux Kernel · Fedoraproject: Fedora · Netapp: H410c Firmware, H300s Firmware, H500s Firmware, H700s Firmware, H410s Firmware · Debian: Debian Linux

1 product

1 product

5 products

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.32 to 4.9.337
Linux Linux Kernel	From 4.10 to 4.14.303
Linux Linux Kernel	From 4.15 to 4.19.270
Linux Linux Kernel	From 4.20 to 5.4.229
Linux Linux Kernel	From 5.11 to 5.15.85
Linux Linux Kernel	From 5.16 to 6.0.15
Linux Linux Kernel	From 5.5 to 5.10.161

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410c Firmware	All versions

Running on/with	Platform Versions
Netapp H410c	All versions

Configuration D

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H300s Firmware	All versions

Running on/with	Platform Versions
Netapp H300s	All versions

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H500s Firmware	All versions

Running on/with	Platform Versions
Netapp H500s	All versions

Configuration F

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H700s Firmware	All versions

Running on/with	Platform Versions
Netapp H700s	All versions

Configuration G

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Netapp H410s Firmware	All versions

Running on/with	Platform Versions
Netapp H410s	All versions

Configuration H

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 11.0

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (12)

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d

Source: cve@mitre.org

Mailing ListPatchVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/03/msg00000.html

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NDAKCGDW6CQ6G3RZWYZJO454R3L5CTQB/

Source: cve@mitre.org

https://security.netapp.com/advisory/ntap-20230113-0008/

Source: cve@mitre.org

Third Party Advisory

https://www.debian.org/security/2023/dsa-5324

Source: cve@mitre.org

Third Party Advisory

https://git.kernel.org/pub/scm/linux/kernel/git/bluetooth/bluetooth-next.git/commit/?id=ae4569813a6e931258db627cdfe50dfb4f917d5d